I've made a simple cms. I have a table with page content. In the view I make a call for a helper that get's the data:
View:
<%= content(the_id) %>
In the application helper:
def content(c) @content = Pagecontent.find(c).content end
This works great. Any problems with this, like security? Any other way to do it this simple?
Hi Pål Bergström
My opinion is you can move Pagecontent.find(c) to model and access this from controller. Then just use it in view so to avoid making db call from helper/view even this is simple
Sijo
Hi Pål Bergström
Are there any real security problems with my way?
No security problems I think
Sijo
Pål Bergström wrote:
Marnen Laibow-Koser wrote:
Put the query in the controller. Assign it to a variable. Use the variable in the view. Just as simple. No helper necessary. No breaking MVC.
Will mean extra coding for each page.
I don't believe it will, but perhaps I don't understand the structure of your app. Can you explain how you're using this?
Anyway, even if it *does* mean extra coding, it's the right thing to do.
Best,
Marnen Laibow-Koser wrote:
I don't believe it will, but perhaps I don't understand the structure of your app. Can you explain how you're using this?
Anyway, even if it *does* mean extra coding, it's the right thing to do.
Let's say I have 5 pages. Each page can have 1 or more areas which can be edited by the user. Probably 1-3 areas, where the main sections is the body text.
Each area is assigned an id. By using my setup as above I can assign the id and content for each area in the view, and that's it. No extra coding or assigning a variable for each page and each area.
This is like static CMS where the control of new pages are limited but not the actual text/content.
Pål Bergström wrote:
Marnen Laibow-Koser wrote:
I don't believe it will, but perhaps I don't understand the structure of your app. Can you explain how you're using this?
Anyway, even if it *does* mean extra coding, it's the right thing to do.
Let's say I have 5 pages. Each page can have 1 or more areas which can be edited by the user. Probably 1-3 areas, where the main sections is the body text.
Each area is assigned an id. By using my setup as above I can assign the id and content for each area in the view, and that's it. No extra coding or assigning a variable for each page and each area.
So the Pagecontent (should be PageContent!) is the model for the editable area?
Are the 5 pages rendered by separate controller actions, or by the same action on different instances of Page?
This is like static CMS where the control of new pages are limited but not the actual text/content.
Best,
Marnen Laibow-Koser wrote:
So your controller is just
def page1 end
def page2 end
?
Where do the ids that you're passing to the pagecontent helper get set?
In the view with.
<%= content(the_id_of_content) %>
In the application helper:
def content(c) @content = Pagecontent.find(c).content end
Pål Bergström wrote:
Marnen Laibow-Koser wrote:
[...]
Where do the ids that you're passing to the pagecontent helper get set?
In the view with.
<%= content(the_id_of_content) %>
In the application helper:
def content(c) @content = Pagecontent.find(c).content end
Then the best thing to do, it seems to me, is to restructure things as I indicated before. Moving the query into the controller will not require any more code, and it will decouple the view from the DB (which is the right thing). The proper Railsy way is like this:
# controller def page1 @content = Pagecontent.find(whatever) end
# page1.html.erb <%= @content %>
Less code than a helper, more flexible, and more truly MVC. The helper method has nothing at all to recommend it here.
Best,
Marnen Laibow-Koser wrote:
Then the best thing to do, it seems to me, is to restructure things as I indicated before. Moving the query into the controller will not require any more code, and it will decouple the view from the DB (which is the right thing). The proper Railsy way is like this:
# controller def page1 @content = Pagecontent.find(whatever) end
# page1.html.erb <%= @content %>
Less code than a helper, more flexible, and more truly MVC. The helper method has nothing at all to recommend it here.
I don't see how that would mean less code.
Pål Bergström wrote:
Marnen Laibow-Koser wrote:
Then the best thing to do, it seems to me, is to restructure things as I indicated before. Moving the query into the controller will not require any more code, and it will decouple the view from the DB (which is the right thing). The proper Railsy way is like this:
# controller def page1 @content = Pagecontent.find(whatever) end
# page1.html.erb <%= @content %>
Less code than a helper, more flexible, and more truly MVC. The helper method has nothing at all to recommend it here.
I don't see how that would mean less code.
With the helper, you have both the helper method definition and the call in the view. With the proper Railsy way, you just have the call in the controller (equivalent to the helper definition) and the variable is already set for the view without further work.
But don't take my word for it. Branch your project and try it!
Best,